CVE-2015-9098

Description

In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an account with SQL admin privileges, then code execution on the operating system can result in full system compromise (if Microsoft SQL Server is running with local administrator privileges).

Predictions

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

References

• http://www.red-gate.com/products/dba/sql-monitor/entrypage/security-vulnerability
• https://www.exploit-db.com/exploits/42444/
• http://www.red-gate.com/products/dba/sql-monitor/entrypage/security-vulnerability
• https://www.exploit-db.com/exploits/42444/

CWEs

CWE-89

💬 Discuss CVE-2015-9098 on VIR Community →

Community-verified mitigations for this CVE will appear above when contributors publish them.